Merge remote-tracking branch 'origin/main' into beta-releases

github-actions[bot] · github-actions[bot] · commit 4c3ab251d9e6 · 2025-01-27T12:43:27.000Z
diff --git a/.evergreen/functions.yml b/.evergreen/functions.yml
@@ -152,8 +152,6 @@ functions:
 
           # Make all the dirs
           mkdir -p $ARTIFACTS_PATH
-          mkdir -p $NPM_CACHE_DIR
-          mkdir -p $NPM_TMP_DIR
 
     - command: shell.exec
       type: setup
@@ -195,18 +193,9 @@ functions:
           npm config ls -l
           echo "(if npm fails, debug.log will be uploaded to S3)"
 
-          # Install dependencies
+          # Install and check dependencies
           bash ".evergreen/retry-with-backoff.sh" .evergreen/npm_ci.sh
 
-          # Will fail if versions of direct dependencies listed in package-lock
-          # are not matching versions defined in package.json file of any of the
-          # workspace packages
-          # This command is very noisy when running from root with --all, store
-          # the output in a file that will be uploaded with rest of the logs
-          LS_ALL_STDOUT_FILE="$(npm config get cache)/_logs/$(date -u +"%Y-%m-%dT%H_%M_%SZ")-npm-ls-all.log"
-          echo "Validating dependencies with \`npm ls --all\`..."
-          (npm ls --all > $LS_ALL_STDOUT_FILE && echo "No mismatched dependency versions") || (echo "\nThe \`npm ls\` command failed with mismatched dependencies error. This usually means that the dependency versions listed in package.json are not matching dependencies resolved and recorded in package-lock.json. If you updated package.json files in your PR, inspect the error output and try to re-install offending dependncies to fix the package-lock file." && exit 1)
-
   bootstrap:
     - command: shell.exec
       type: setup
diff --git a/.evergreen/npm_ci.sh b/.evergreen/npm_ci.sh
@@ -2,9 +2,20 @@
 
 set -e
 
-npm cache clean -f
+# Remove the cache and any potential install leftovers before installing again.
+# We are running this script with a retry to deal with network issues, in some
+# rare cases npm leaves stuff behind messing up a new attempt
+rm -rf "$NPM_CACHE_DIR"
 rm -rf node_modules
 find configs -name 'node_modules' -type d -prune -exec rm -rf '{}' +
 find packages -name 'node_modules' -type d -prune -exec rm -rf '{}' +
 find scripts -name 'node_modules' -type d -prune -exec rm -rf '{}' +
-npm ci --unsafe-perm
+npm ci --unsafe-perm
+
+# Will fail if versions of direct dependencies listed in package-lock are not
+# matching versions defined in package.json file of any of the workspace
+# packages. This command is very noisy when running from root with --all, store
+# the output in a file that will be uploaded with rest of the logs
+LS_ALL_STDOUT_FILE="$(npm config get cache)/_logs/$(date -u +"%Y-%m-%dT%H_%M_%SZ")-npm-ls-all.log"
+echo "Validating dependencies with \`npm ls --all\`..."
+(npm ls --all >$LS_ALL_STDOUT_FILE && echo "No mismatched dependency versions") || (echo ""; echo "The \`npm ls\` command failed with mismatched dependencies error. This usually means that the dependency versions listed in package.json are not matching dependencies resolved and recorded in package-lock.json. If you updated package.json files in your PR, inspect the error output and try to re-install offending dependncies to fix the package-lock file." && exit 1)
diff --git a/.evergreen/print-compass-env.js b/.evergreen/print-compass-env.js
@@ -1,5 +1,6 @@
 #! /usr/bin/env node
 'use strict';
+const path = require('path');
 
 /*
 This script writes a bash script that can be eval()'d in evergreen to modify the
@@ -79,18 +80,16 @@ function printCompassEnv() {
   PATH = maybePrependPaths(PATH, pathsToPrepend);
   printVar('PATH', PATH);
 
-  const npmCacheDir = `${newPWD}/.deps/.npm`;
-  const npmTmpDir = `${newPWD}/.deps/tmp`;
+  // not using `newPWD` here to avoid issues on windows where the value supposed
+  // to be a non-cygwin path
+  const npmCacheDir = path.resolve(__dirname, '..', '.deps', '.npm-cache');
 
   printVar('ARTIFACTS_PATH', `${newPWD}/.deps`);
   printVar('NPM_CACHE_DIR', npmCacheDir);
-  printVar('NPM_TMP_DIR', npmTmpDir);
 
   // all npm var names need to be lowercase
   // see: https://docs.npmjs.com/cli/v7/using-npm/config#environment-variables
   printVar('npm_config_cache', npmCacheDir);
-  // npm tmp is deprecated, but let's keep it around just in case
-  printVar('npm_config_tmp', npmTmpDir);
   // Also set in our .npmrc but that does not get picked up in the preinstall script.
   printVar('npm_config_registry', 'https://registry.npmjs.org/');
 
diff --git a/.snyk b/.snyk
@@ -1,33 +1,53 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.25.0
+version: v1.25.1
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   SNYK-JS-AGGRIDCOMMUNITY-1932011:
     - '*':
         reason: >-
           Not applicable as we do not use a valueFormatter or cellRenderer
           function
-        expires: 2024-11-15T18:27:24.346Z
+        expires: 2025-09-17T13:05:57.065Z
         created: 2024-01-18T18:27:24.353Z
-  SNYK-JS-AXIOS-6032459:
-    - '*':
-        reason: Not applicable to axios usage inside node-analytics package
-        expires: 2024-10-30T10:18:43.435Z
-        created: 2023-10-30T10:18:43.435Z
-  SNYK-JS-ELECTRON-7443355:
-    - '*':
-        reason: >-
-          Not applicable as we do not open / allow opening random webpages in
-          our Electron app.
-        expires: 2024-07-25T12:41:36.996Z
-        created: 2024-07-19T12:41:36.999Z
   SNYK-JS-AGGRIDCOMMUNITY-7414157:
     - '*':
         reason: >-
           Not applicable as we don't use ag-grid utils and the library never
           passes user input directly to the merge function
         expires: 2025-09-17T13:05:57.065Z
         created: 2024-09-17T13:05:57.071Z
+  SNYK-JS-ELECTRON-8642944:
+    - '*':
+        reason: >-
+          Fixed in https://github.com/electron/electron/releases/tag/v32.3.0
+        expires: 2025-03-26T09:48:32.235Z
+        created: 2025-01-27T09:48:32.246Z
+  SNYK-JS-ELECTRON-8642948:
+    - '*':
+        reason: >-
+          Fixed in https://github.com/electron/electron/releases/tag/v32.3.0
+        expires: 2025-03-26T09:49:13.962Z
+        created: 2025-01-27T09:49:13.968Z
+  SNYK-JS-ELECTRON-8097217:
+    - '*':
+        reason: >-
+          Not applicable: requires attacker to inject and execute custom
+          javascript on the page AND experimental api to be enabled (see
+          https://issues.chromium.org/issues/365376497)
+        expires: 2025-03-26T09:49:21.587Z
+        created: 2025-01-27T09:49:21.596Z
+  SNYK-JS-ELECTRON-8604283:
+    - '*':
+        reason: >-
+          Fixed in https://github.com/electron/electron/releases/tag/v32.3.0
+        expires: 2025-03-26T09:49:31.423Z
+        created: 2025-01-27T09:49:31.431Z
+  SNYK-JS-ELECTRON-8642946:
+    - '*':
+        reason: >-
+          Fixed in https://github.com/electron/electron/releases/tag/v32.3.0
+        expires: 2025-02-26T09:49:38.738Z
+        created: 2025-01-27T09:49:38.746Z
 # patches apply the minimum changes required to fix a vulnerability
 patch:
   'npm:ms:20170412':
